etw-bypass
Multilayered AV/EDR Evasion Framework
NyxInvoke is a Rust CLI tool for running .NET assemblies, PowerShell, and BOFs with patchless AMSI and ETW bypass features, with dual-build support.
Two in one, patch lifetime PowerShell console, no more ETW and AMSI!
A WIP shellcode loader tool which bypasses AV/EDR, coded in C++, and equipped with a minimal builder.
Generator of https://github.com/TheWover/donut in pure Go. Supports compression, AMSI/WLDP/ETW bypass, etc.
Event Tracing for Windows EDR bypass in Rust (usermode)
A proof of concept AMSI & ETW bypass using trampolines for hooking and modifying execution flow
The code snippet provided demonstrates how to patch the EtwEventWrite function in the ntdll.dll library on Windows using CGO (C Go).
Loads a C# binary in memory within PowerShell profile, patching AMSI + ETW.
ETW Bypass by patching main ETW internal function
Forge your payloads into undetectable forces. Engineered for stability, power, and silent operation.
Undetected (at the time of writing this) ETW and AMSI Patcher in C#
Nyx is a lightweight scripting language that prioritizes simplicity and ease of use. 🌟 With Nyx, you can quickly run scripts and explore creative coding possibilities. 🐙
Diabellstar is a Rust-based tool that performs ETW bypass by patching the NtTraceEvent function in ntdll.dll
Clean forensic traces on Linux, macOS, and Windows with Nyx. This alpha tool helps maintain privacy by removing various system artifacts. 🐙💻